Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/08/02 7:24 a.m.12 views

CVE-2025-6754 SEO Metrics <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...

8.8CVSS0.00381EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/08/02 7:24 a.m.4 views

CVE-2025-6754 SEO Metrics <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...

8.8CVSS5.8AI score0.00381EPSS
Exploits0References7
CVE
CVE
added 2025/08/02 7:24 a.m.25 views

CVE-2025-6754

CVE-2025-6754 (SEO Metrics for WordPress) : The WordPress plugin versions 1.0.5–1.0.15 are affected by privilege-escalation due to missing authorization checks in seo_metrics_handle_connect_button_click() and seo_metrics_handle_custom_endpoint(). An attacker with subscriber-level access can obtai...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/08/01 10:15 p.m.7 views

WordPress SEO Metrics plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin SEO Metrics versions = 1.0.15...

8.8CVSS6.7AI score0.00381EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder